Systems and methods for third-party interoperability in secure network transactions using tokenized data

ABSTRACT

Embodiments include methods and systems for enabling third-party data service interoperability, comprising receiving, from an electronic data server, a request for a low-value token, the low-value token being associated with a subset of sensitive data associated with a user; providing the low-value token to the electronic data server; receiving a request for the subset of sensitive data, from a third-party data service server, the request comprising the low-value token; de-tokenizing the low-value token to obtain the subset of sensitive data; providing the subset of sensitive data to the third-party data service server; receiving, from an electronic data server, the low-value token and a transaction authorization request; determining, based on the low-value token and authorization request, an authorization response; and providing the authorization response to the electronic data server.

FIELD OF DISCLOSURE

The present disclosure relates generally to the field of secure networktransactions and, more particularly, to managing secure networktransfers of sensitive data between third parties using tokens.

BACKGROUND

One reality of the modern Internet-connected world is that the storageand transfer of sensitive and secure electronic data is potentiallyvulnerable to data breaches. Further, as electronic systems, such aspoint of sales (“POS”) systems, become more complex, and as hackersbecome more sophisticated, security concerns are continually increasing.

In the early days of electronic transactions, dedicated magnetic cardreaders would scan unencrypted sensitive data on a credit card andtransfer it to a transaction service for completion of the transaction.These communications were typically made over a dial-up connection andrequired basic encryption in the reader device in order to maintainsecurity of the packet.

Over time, the reader devices have become more advanced, often withInternet connections and data input ports that enable malware to infectPOS terminals. Further, as more and more merchants have moved totransfer data over the Internet, additional security features have beendeveloped.

Most notably, “tokenization” is a means for replacing sensitive datawith a “token” of data that may be non-decryptable or non-detokenizableby the merchant or other tokenization users (e.g. because they requirethird party decryption). Merchants, for example, might not ever storesensitive data themselves, thus enhancing data security.

However, a problem arises when merchants or other parties wish toinvolve third-party services that require access to sensitive data. Forexample, a merchant may wish to enable third-party fraud protectionsrequiring access to account numbers of their customers not stored inmerchant systems. A solution is needed that will preserve riskreduction, enable a cost-effective architecture, and that does notdilute the original value proposition.

SUMMARY

Included are embodiments for tokenizing sensitive data. Some embodimentsof a method may comprise receiving, from an electronic data server, arequest for a low-value token, the low-value token being associated witha subset of sensitive data associated with a user; providing thelow-value token to the electronic data server; receiving a request forthe subset of sensitive data, from a third-party data service server,the request comprising the low-value token; de-tokenizing the low-valuetoken to obtain the subset of sensitive data; providing the subset ofsensitive data to the third-party data service server; receiving, froman electronic data server, the low-value token and a transactionauthorization request; determining, based on the low-value token andauthorization request, an authorization response; and providing theauthorization response to the electronic data server.

Also included are embodiments of a system. Some embodiments of thesystem include a data storage device storing instructions for enablingthird-party data service interoperability, and a processor configured toexecute the instructions to perform a method comprising receiving, froman electronic data server, a request for a low-value token, thelow-value token being associated with a subset of sensitive dataassociated with a user; providing the low-value token to the electronicdata server; receiving a request for the subset of sensitive data, froma third-party data service server, the request comprising the low-valuetoken; de-tokenizing the low-value token to obtain the subset ofsensitive data; and providing the subset of sensitive data to thethird-party data service server.

Also included are embodiments of a computer-readable medium. Someembodiments of the computer-readable medium include a non-transitorycomputer-readable medium storing instructions that, when executed by atransaction processor, cause the transaction processor to perform amethod for enabling third-party data service interoperability, themethod comprising receiving, from an electronic data server, a requestfor a low-value token, the low-value token being associated with asubset of sensitive data associated with a user; providing the low-valuetoken to the electronic data server; receiving a request for the subsetof sensitive data, from a third-party data service server, the requestcomprising the low-value token; de-tokenizing the low-value token toobtain the subset of sensitive data; providing the subset of sensitivedata to the third-party data service server.

Other embodiments and/or advantages of this disclosure will be or maybecome apparent to one with skill in the art upon examination of thefollowing drawings and detailed description. It is intended that allsuch additional systems, methods, features, and advantages be includedwithin this description and be within the scope of the presentdisclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this specification, illustrate several embodiments and togetherwith the description, serve to explain the principles of the disclosure.

FIG. 1 is an example schematic block diagram of a system fortokenization, according to techniques presented herein;

FIG. 2 is an example schematic block diagram for a more detailed view ofcomponents within the tokenization system and transaction processor, inaccordance with some embodiments;

FIG. 3 is an example schematic block diagram of a tokenizer service,according to techniques presented herein;

FIG. 4 is a block diagram illustrating a method of performing atransaction using a low-value token, according to techniques presentedherein;

FIG. 5 is a block diagram illustrating a method of performing atransaction using a low-value token, according to techniques presentedherein; and

FIG. 6 is a block diagram illustrating a method of performing atransaction using a low-value token, according to techniques presentedherein.

DESCRIPTION OF THE EMBODIMENTS

The present disclosed embodiments will now be described in detail withreference to several examples thereof as illustrated in the accompanyingdrawings. In the following description, numerous specific details areset forth in order to provide a thorough understanding of embodiments ofthe present disclosure. It will be apparent, however, to one skilled inthe art, that embodiments may be practiced without some or all of thesespecific details. In other instances, well known process steps and/orstructures have not been described in detail in order to notunnecessarily obscure the present embodiments. The features andadvantages of embodiments may be better understood with reference to thedrawings and discussions that follow.

The following discussion relates to methods and systems for low-valuetokenization of sensitive data. Such systems and methods maintainincreased security for electronic transactions while still enablingmerchants and other transacting parties to engage third party services.

It should be appreciated that particular consideration is made herein tocredit card transactions due to the prevalence of these transactions.Despite this reference to credit cards, the disclosed systems andmethods apply equally well to the transfer of any sensitive data,whether “card present” or “card not present” (CNP). Disclosed systemsand methods may apply, for example, in online transactions where a useris not physically present at a merchant location. Transactions mayinclude debit transactions, gift card transactions, PayPal transactions,BitCoin transactions, smart card transactions, mobile applicationtransactions, and the usage of loyalty cards, to name a few.Effectively, any circumstance where sensitive data, such as a personalaccount number (PAN), social security number, etc., or tokencorresponding thereto, is being transmitted over a network, systems andmethods disclosed herein may be employed. Further, while the partyseeking to initiate a secure transaction and/or provide a third-partyservice may be referred to herein as a “merchant” a party seeking toinitiate a secure transaction need not be a merchant, but may be aservice provider, or any party seeking to execute a transaction.

FIG. 1 depicts a system 100 with a merchant system 102, such as amerchant point of sale (“POS”) system(s), terminal(s), and/or server,that may collect credit card information (or other sensitive data) andtransfer the data securely to the transaction system(s) 106, which maybe a payment system(s), via an intermediary such as a transactionprocessor 220. The user 201 may provide sensitive data directly, such asat a POS terminal at a retail location, or via, for example, remotelyvia a user browser 101. The user browser 101 may interact with themerchant system 102, and/or directly with the transaction processor 220.The user browser 101 may be a client-side browser on a user computingdevice, but may also be a client-side app, or any other type ofclient-side data processor. The merchant system 102 may be a paymentterminal (e.g., a “pin pad”), or, a data server, for example, displayinga merchant's e-commerce store. A transaction processor 220, such as apayment processor, may be an intermediary in this system to ensurevalidity of the request, and may generate a token. The token may be, forexample, a randomly generated number. The token, which may also bereferred to as a “high-value token” herein, may also be a pseudorandomnumber, encrypted information, or other character sequence. Thetransaction system(s) 106 may securely return a transaction response tomerchant system 102, along with the token generated by the transactionprocessor and/or transaction system 106.

The token may be unique per customer/person or account number permerchant or organization. Thus, if a given user makes a purchase atmerchant A, token A may be generated, but if a given user makes apurchase at merchant B, even if using the same credit card, token B maybe generated.

By relying upon a token, a merchant system 102 is no longer required tosend credit card information or other sensitive data for subsequenttransactions, and may instead use the token, such as for follow-upactivities. For example, a restaurant may initially run a transactionfor the cost of a meal, and perform a follow-up transaction using thetoken for processing the tip. Alternatively, in a card-not-presentcontext, an online merchant may run multiple transactions for arecurring web subscription using one or more tokens. Another example mayinclude recurring transactions for a gym membership. A merchant may usetokens for returns or price adjustments rather than resending sensitivetransaction information over a network. Using tokenization, a merchantor merchant may enhance security by not storing sensitive data ofcustomers on its own systems. However, as will be discussed furtherbelow, this may create problems, as merchants may require sensitive datato perform their services.

As an example, a user 201, such as a customer or purchaser, may interactwith merchant system 102 and/or user browser 101 to initiate atransaction, such as to pay for a good or service. In a physicalenvironment, the user 201 may provide a magnetically stored accountnumber and/or expiration number in the form of a credit card, but anyform of sensitive data may be used, in some embodiments. In thee-commerce environment, the user 201 may type the credit card accountnumber and expiration date into the user's computing device, for examplein the user browser 101.

The merchant system 102 may include a fixed card reader, an integratedcash register system, a mobile payment application, a consumer'scomputer, or the like. As noted above, merchant system 102 may encryptthe collected data at the reader head or processor in order to ensuresecurity. Alternatively, the initial encryption may be performed insoftware in the merchant system 102, in some embodiments. Encryption mayalso occur at the user browser 101. Software encryption, however, mayincrease vulnerability to security breach if merchant system 102 hasbeen compromised. Regardless of location of initial encryption, anencryption protocol may be employed, in some embodiments. Thisencryption protocol may include a merchant ID, an amount for thetransaction, a password(s) and/or an encrypted portion(s), or othertransaction metadata. In some embodiments, the encrypted portion may bein the following format:

<encryption> <block> <key> <serial number> </encryption>

It should be appreciated that, while a specific encryption protocol ispresented here, alternate known encryption schemas may be readilyemployed in alternate embodiments.

In one embodiment, the merchant system 102 and/or user browser 101 mayprovide the collected account information (and/or other sensitive data)to a transaction service(s) 204, such as payment service(s), in thetokenization and transaction processor 220 (e.g., payment managementsystem or payment processor). This transfer of data may be performedover a telecommunications network, for example, the Internet, or via anyother type of network. Transaction service(s) 204 may include aplurality of systems for receiving the data, dependent upon transmissionmechanism and data type, as will be discussed in greater detail below.The transaction service(s) 204 may perform an initial check forencryption of the data. If the received data is not encrypted, thereceived data may be transferred promptly to transaction system(s) 106for transfer of funds, or directly to entities such as Visa, MasterCard,etc. Transaction system(s) 106 may be operated by entities such asGlobal Card Bank, for example. However, where encryption is present,and/or tokenization is desired, transaction service(s) 204 may transferthe information to a tokenizer encryption service 210 for processing.Transaction service(s) 204 may validate the encrypted block, encryptedkey, and/or reader serial number lengths. It may also validate themerchant's ID with a stored database of terminal IDs.

Tokenizer encryption service 210 may further validate credentials andidentify keys for the encrypted data. The data may further be submittedto a hardware security module 208 for decryption and for the generationof a token. The token may include a PAN, an expiration date for thetoken, and/or an expiration date for the card. Tokens might also notthemselves contain any sensitive data, but rather merely correspond tosensitive identification data such as social security numbers, accountinformation, or other sensitive financial data, such as cardholder data.The sensitive data may be stored securely at the transaction processor220 or elsewhere.

In some embodiments, any expiration date of the token, if present, maybe varied depending upon whether the token is designated as a single usetoken or as a token for recurring transactions (i.e., a subscription).For example, a one-year and two-year expiration may be provided forsingle use and recurring tokens, respectively, which allows for a longervalidity period where the merchant is anticipating reuse of the token,and ensures that single use tokens are not stored longer than necessary.

The token, which may be encrypted, and clear text of the data suppliedby merchant system 102, may be returned to tokenizer encryption service210 and subsequently to transaction service(s) 204. Transactionservice(s) 204 may transfer the clear text to transaction system(s) 106for a transaction response. The response may then be provided, alongwith the token, back to the merchant, such as to the merchant system102. The merchant may then store the encrypted token for latertransactions.

Thus, the merchant may be prevented from accessing sensitive datawithout keys which may be maintained within hardware security module208, or elsewhere in a secured location accessible to the transactionprocessor 220. Thus, for account information to be compromised, both themerchant system 102 (or other merchant storage) and the transactionprocessor 220 would need to be breached. Alternatively, sensitive datamay be stored exclusively within the transaction processor 220.

FIG. 2 is an example schematic block diagram for a more detailed view ofcomponents within the tokenization system and transaction processor 220,in accordance with some embodiments. In this example block diagram,unencrypted data or encrypted data 302 from the merchant system 102and/or user browser 101 may be delivered to the transaction processor220, such as to transaction service(s) 204, via, for example, a dial-upaccess connector 304, or Internet data connection 306, through whichdata may pass, for example, via network socket and/or web service.Although a dial-up access connector 304 and Internet data 306connections are shown, any type of data connection may be establishedfor data transfer purposes. Incoming data may be provided to server 314.

In addition to the server 314, other servers may be included, inalternate embodiments, in order to handle any data inputs. For example,in embodiments where gift cards or loyalty cards are being processed,the system may include a gift card server or loyalty card server. Thesystem may be scalable to take any number of payment types, as isdesirable for any particular scenario.

The server 314 may determine whether a token is present and/or if datais encrypted. If the data is not encrypted and the merchant is not setup for tokenization, the clear text data may be transferred to thetransaction system(s) 106 (such as Global Card Bank, Visa, etc.) forapproval or declining. Otherwise, if the data includes a token orencrypted data, or if tokenization is otherwise requested, the data maybe provided to tokenizer encryption service 210, as previouslydiscussed.

FIG. 3 is a block diagram illustrating a method of performing an onlinetransaction utilizing tokens where a user may initiate acard-not-present (CNP) transaction using, for example, a browser 101.Security risks for both the customer and the merchant may beparticularly high in a CNP scenario. If merchants were to storesensitive data of customers, for example, they would be exposingthemselves to legal liability in the event of a security breach. Onesolution to this problem is to prevent the merchant from ever obtainingthe sensitive data at all. However, as will be discussed below, themerchant may still need some forms of sensitive data for certainpurposes.

In a CNP transaction, at step 505 a user 201 may enter, into a browser102, sensitive data such as, but not limited to, a personal accountnumber (PAN), a card verification value (CVV), and/or an expiration dateof the card, for example in order to execute an online purchase. Thisinformation may be entered in a web form that appears to the user to beowned by the merchant, but the form may actually be hosted bytransaction processor 220 via, for example, an iFrame.

At step 510, the sensitive data may be transferred to the transactionprocessor 220, such as a payment processor. A server such as a CNPServer, which may be server 314 or transaction services 204, may receivethe sensitive data, which may be encrypted, and provide a registrationidentifier 520 back to the user browser 101. The registration identifier520 may be a randomly generated, non-sensitive, low-value token thatacts as a replacement for the PAN and/or other sensitive data.

At step 525, the registration identifier 520 may be provided to themerchant system 101, such as an e-commerce server. The merchant's systemmay provide the registration identifier 520 to a transaction processingunit, which may be, for example, server 314 or transaction services 204.The transaction processor 220 may convert the registration identifier520 to a high-value token or “omnitoken authorization response” 545,which may be provided to the merchant's server 101. The high-value token545 may be reused by the merchant for subsequent transactions, asdiscussed above. While transaction processing and at least one CNPserver are depicted as sending and receiving data, any entity in thetransaction processor may perform the steps depicted in FIG. 3,including server 314 or transaction services 204.

Using systems and methods such as those of FIG. 3, sensitive data suchas cardholder data might not ever be transmitted to the merchant'sservers, because the webpage displayed in the user browser at step 505,or a portion thereof, may be hosted by the transaction processor 220.

While preventing the merchant from having access to sensitive data mayenhance security, it may present a business challenge to the merchant,who may wish to enable or maintain business operations throughthird-parties who need sensitive data, such as cardholder data toperform their desired business functions. For example, merchants maywish to obtain services of non-financial value-added service agencieslike third-party risk and/or fraud scoring services (for example,CyberSource or Cardinal Commerce), who may require the PAN.

One solution would be for the merchant to be able to provide thehigh-value token to the transaction processor 220, and be provided withsensitive data, such as the PAN, in return. However, this would allowmerchants to create a mapping between PANs and high-value tokens, whichis a security risk. Another solution would be to allow the merchants toprovide the high-value tokens to the third-party service provider. Thethird-party service provider could then provide the high-value token tothe transaction processor 220, and be provided with the sensitive data.However, this would allow the third-party service to potentially createa mapping between PANs, for example, and tokens, which is again asecurity risk. Mappings of high-value tokens to sensitive data may allowthe replication of the transaction processor's 220 mapping token vaultoutside of a secure environment. With a mapping table, third partiescould improperly use PAN/token mappings and cache tokens so they wouldnot have to call the transaction processor 220 on every transaction. Inaddition, there would be no validation of who is performing thede-tokenization service. Thus, a solution is needed that will buildvalue, preserve risk reduction, enable a cost-effective architecture,and that does not dilute the original value proposition.

FIG. 4 is a block diagram illustrating a method to provide a low-valuetoken to a merchant system 102 so that the merchant system can enablethird-party services to obtain sensitive data, according to certainembodiments presented herein.

A low-value token may be generated dynamically, and may have a uniquevalue for each transaction, even if the same PAN is presented fortokenization multiple times. Low-value tokens may utilize additionalcompensating controls such that the token applies only to specifictransactions and processing environments. A transaction-based tokenvalue requested through a low-trust environment over the Internet. Thetoken value might only be valid for 24-hours, or some otherpre-determined period of time, after which it can no longer be used forpayment processing.

Other compensating controls may be utilized. For example, third partiesmay be authenticated in order to be able to detokenize with thetransaction processor 220. An authentication of merchant high-valuetoken to low-value token may be performed via an existing messageinterface specification. The third-party may be validated as a trustedrequestor to call the transaction processor 220 to detokenize for everytransaction.

Token group controls may also be utilized, for example in order toensure that the detokenization is being performed for the rightmerchant. A token group may be identified by a merchant. Asthird-parties may support multiple merchants, controls may be taken toensure that a third-party doesn't detokenize a low-value token under thewrong merchant token group. For example, the third-party may provide anadditional merchant identifier to ensure the associated merchant iscorrect.

Transaction controls may also be utilized, for example in order torestrict the types of transactions third parties can perform. Thirdparties may only be able to perform detokenization operations with alow-value token and not be able to detokenize with a high-value token(omnitoken), or retokenize, etc. Third parties may be able to performtokenization of the PAN to a low-value token to provide to the retailer.Operations may also be able to be performed in several ways. Operationsmay be able to be performed directly to the transaction processor 220platform using a message specification. A non-financial interface mayalso be used for batch processing.

Turning back to FIG. 4, if a merchant wishes to engage a third-partyservice, and has a stored a high-value token for a given customer oruser, the merchant system 101 may provide the high-value token to thetransaction processor 220 at step 605 in a request for a low-valuetoken. The high-value token may be encrypted, and the request for alow-value token may be encrypted. The transaction processor 220 may beprompted by the request to provide a low-value token back to themerchant at step 610. A request may further specify the sensitive datato which the low-value token will correspond. For example, the low-valuetoken may be associated with the PAN corresponding to the high-valuetoken. Alternatively, the transaction processor 220 may provide thelow-value token directly to the third-party service. The low-value tokenmay be a token that is not enabled or capable of performingtransactions, but rather is created by the transaction processor 220 forthe limited purpose of being able to obtain one or more pieces ofsensitive data, such as the PAN, for a given user or customer. Thelow-value token may be able to obtain only a subset of availablesensitive data associated with a given user/client/account.

At step 615, the merchant may provide the low-value token to thethird-party service. At step 620, the third-party service may providethe low-value token to the transaction processor 220, for example to anencryption service, which may be the tokenizer encryption service 210.The third party may be validated in order to be able to performdetokenization, as discussed above. The low-value token may be providedusing a web service call. At step 625, the sensitive data associatedwith the low-value token, such as the PAN, may be provided to thethird-party service. A de-tokenization procedure may be performed by thetransaction processor 220 to determine the sensitive data. Thethird-party may be an unaffiliated entity separate from the merchant andmay be prohibited from providing sensitive data, such as the PAN, to themerchant, or any party in possession of the associated high-value token.The third-party service may also reach out to a payment network, forexample for a 3DS transaction, may perform a fraud check, and/or anynumber of financial or non-financial operations. Based on the PAN orother sensitive data provided, at step 630 the third-party may providedata related to the performance of the third-party service, such as 3-DSecure response data, to the merchant. While 3-D Secure response data isdiscussed herein, techniques presented herein may use any third-partysecurity services, such as data security services and/or fraud detectionservices. At step 635, the merchant may request authorization of thetransaction using the low-value token by providing the low-value token,a request to authorize the transaction, and/or third-party service data,for example 3-D Secure data, to the transaction processor 220. Thetransaction processor 220 may determine whether to authorize thetransaction based on the low-value token, the authorization request,and/or the third-party service data. Alternatively, based on the resultsof the third-party service, the merchant may not request transactionauthorization at all. At step 640, the transaction processor 220 mayrespond with the high-value token and/or the authorization response.While transaction processing and encryption services are depicted assending and receiving data, any entity in the transaction processor mayperform the steps depicted in FIG. 4, including server 314 ortransaction services 204.

Steps 630, 635, and 640 may be performed in a variety of different ways,and the manner of performance may depend on which party is seeking theauthorization, and the authorization requirements of the particulartransaction. Steps 630, 635, and 640 illustrate an example situationwhere 3-D Secure may be used.

As an example, at step 635, the third-party service may alternativelysend the authorization request to the transaction processor 220directly. Only a low value token and/or an authorization request mightbe sent in this scenario.

Additional items might also be provided. For example, the third-partyservice might obtain a fraud check using the PAN. At step 635, the fraudcheck score may be provided to the transaction processor along with thelow-value token and authorization request.

At step 640, the high-value token might or might not be passed back withthe authorization response.

Thus, FIG. 4 demonstrates a method of implementing a transaction using athird-party service when sensitive data has already been collected froma user, and a corresponding high-value token is already in storage. FIG.5 demonstrates a similar method, but further illustrates initial captureof sensitive data, such as cardholder data, for example from a new useror customer. At step 705, sensitive data, such as cardholder data, maybe obtained from the customer or user, such as in a terminal or browser102. The sensitive data may be provided to the transaction processor220, such as to a card-not-present server 515.

The transaction processor 220 may provide a low-value token to themerchant, terminal, and/or browser at step 710. Alternatively, thetransaction processor 220 may provide the low-value token directly tothe third-party service. The low-value token may be a token that is notenabled to perform transactions, but rather is created by thetransaction processor 220 for the limited purpose of being able toobtain one or more pieces of sensitive data for a given user orcustomer, such as the PAN.

At step 715, the merchant may provide the low-value token to thethird-party service. At step 720, the third-party service may providethe low-value token to the transaction processor 220, for example to anencryption service, which may be the tokenizer encryption service 210.The third party may be validated, for example by the transactionprocessor 220, in order to be able to be trusted and performdetokenization, as discussed above. The low-value token may be providedusing a web service call. At step 725, the sensitive data associatedwith the low-value token, such as the PAN, may be provided to thethird-party service. The third-party may be prohibited from providingsensitive data, such as the PAN, to the merchant, or any party inpossession of the associated high-value token. The third-party servicemay also reach out to a payment network, for example for a 3DStransaction, may perform a fraud check, and/or any number of financialor non-financial operations. Based on the PAN or other sensitive dataprovided, at step 730 the third-party may provide data related to theperformance of the third-party service, such as 3-D Secure responsedata, to the merchant server 101. At step 735, the merchant may requestauthorization of the transaction using the low-value token, by providingthe low-value token, a request to authorize the transaction, and/orthird-party service data, for example 3-D Secure data, to thetransaction processor 220. Alternatively, based on the results of thethird-party service, the merchant may not request transactionauthorization at all. At step 740, the transaction processor 220 mayrespond with the high-value token and/or the authorization response.While transaction processing, encryption services, and at least one CNPserver are depicted as sending and receiving data, any entity in thetransaction processor may perform the steps depicted in FIG. 5,including server 314 or transaction services 204.

Steps 730, 735, and 740 may be performed in a variety of different ways,and the manner of performance may depend on which party is seeking theauthorization, and the authorization requirements of the particulartransaction. Steps 730, 735, and 740 illustrate an example situationwhere 3-D Secure may be used.

As an example, at step 735, the third-party service may alternativelysend the authorization request to the transaction processor 220directly. Only a low value token and/or an authorization request mightbe sent in this scenario.

Additional items might also be provided. For example, the third-partyservice might obtain a fraud check using the PAN. At step 735, the fraudcheck score may be provided to the transaction processor along with thelow-value token and authorization request.

At step 740, the high-value token might or might not be passed back withthe authorization response.

FIG. 6 is a flow diagram illustrating a method of performing atransaction using a low-value token, according to techniques presentedherein. At step 805, a request may be received, from an electronic dataserver, for a low-value token, the low-value token being associated witha subset of sensitive data associated with a user. At step 810, thelow-value token may be provided to the electronic data server. At step815, a request may be received for the subset of sensitive data from athird-party data service server, the request comprising the low-valuetoken. At step 820, the low-value token may be de-tokenized to obtainthe subset of sensitive data. At step 825, the subset of sensitive datamay be provided to the third-party data service server. At step 830 thelow-value token and a transaction authorization request may be received,from an electronic data server. At step 835, an authorization responsemay be determined, based on the low-value token and authorizationrequest. At step 840, the authorization response may be provided to theelectronic data server.

Techniques presented herein improve the technical field by, for example,enabling a merchant to comply with the Payment Card Industry DataSecurity Standard (PCI DSS) in a manner that builds value, preservesrisk reduction, enables a cost-effective architecture, and that does notdilute the original value proposition. This allows third-parties toreceive a limited use token that can only be used for a limited,need-to-know function, while reducing risk to the transaction processorof third-parties having access to both sensitive data and high-valuetokens. A further advantage is that merchants with an existingrelationship with third-party data security operators may retain thoserelationships, yet still obtain the benefits of obtaining a transactionprocessor. The field of tokenization and network security is improved,as, for example, merchants may be able to engage third-party services toenhance security while not actually ever obtaining or storing thesensitive data of their customers, thus limiting the potential damage ofa security breach. Further, techniques presented herein solve a problemarising in the post-Internet era, namely, for example, an electronicmerchant needing to obtain third-party data security services requiringsensitive electronic data, while the merchants themselves remain only inpossession of data tokens rather than the sensitive electronic dataitself.

In addition to a standard desktop, or server, it is fully within thescope of this disclosure that any computer system capable of therequired storage and processing demands would be suitable for practicingthe embodiments of the present disclosure. This may include tabletdevices, smart phones, pin pad devices, and any other computer devices,whether mobile or even distributed on a network (i.e., cloud based).

In addition, embodiments of the present disclosure further relate tocomputer storage products with a computer-readable medium that havecomputer code thereon for performing various computer-implementedoperations. The media and computer code may be those specially designedand constructed for the purposes of the present disclosure, or they maybe of the kind well known and available to those having skill in thecomputer software arts. Examples of computer-readable media include, butare not limited to: magnetic media such as hard disks, floppy disks, andmagnetic tape; optical media such as CD-ROMs and holographic devices;magneto-optical media such as optical disks; and hardware devices thatare specially configured to store and execute program code, such asapplication-specific integrated circuits (ASICs), programmable logicdevices (PLDs) and ROM and RAM devices. Examples of computer codeinclude machine code, such as produced by a compiler, and filescontaining higher level code that are executed by a computer using aninterpreter.

While the present disclosure has been described in terms of severalembodiments, there are alterations, modifications, permutations, andsubstitute equivalents, that fall within the scope of this disclosure.

It should also be noted that there are many alternative ways ofimplementing the methods and systems of the present disclosure. It istherefore intended that the following appended claims be interpreted asincluding all such alterations, modifications, permutations, andsubstitute equivalents as fall within the true spirit and scope of thepresent disclosure.

1-20. (canceled)
 21. A method for maintaining electronic transactiondata security with a third-party service, comprising: receiving, by atransaction processor server from a user browser, sensitive data of auser and a request for a low-value token; generating, by the transactionprocessor server, the low-value token by tokenizing the sensitive dataof the user, the low-value token being a limited-use token configured toobtain a subset of the sensitive data of the user; providing, by thetransaction processor server to the user browser, the low-value token;receiving, by the transaction processor server from a third-partyservice server at a first time, the low-value token, the low-value tokenhaving been transmitted from the user browser to the third-party serviceserver; determining, by the transaction processor server, the subset ofthe sensitive data of the user based on detokenizing the low-valuetoken; and providing, by the transaction processor server to thethird-party service server, the subset of the sensitive data of theuser.
 22. The method of claim 21, further comprising: receiving, by thetransaction processor server from an electronic data server at a secondtime, the low value token, a transaction authorization request, andthird-party service data; determining, by the transaction processorserver, whether to authorize an electronic transaction based on at leastone of the low value token, the transaction authorization request, andthe third-party service data; and providing, by the transactionprocessor server to the electronic data server, a transactionauthorization response based on the determination.
 23. The method ofclaim 22, wherein the transaction authorization response is providedwith a high-value token, the high-value token being associated with thesensitive data of the user and being usable by the electronic dataserver to execute subsequent electronic transactions.
 24. The method ofclaim 22, wherein the third-party service data is 3-D Secure responsedata.
 25. The method of claim 21, further comprising: receiving, by thetransaction processor server from the third-party service server at asecond time, the low-value token and a transaction authorizationrequest; determining, by the transaction processor server, whether toauthorize an electronic transaction based on at least one of the lowvalue token and the transaction authorization request; and providing, bythe transaction processor server to the electronic data server, atransaction authorization response based on the determination.
 26. Themethod of claim 21, wherein the third-party service server performs afraud check based on the subset of the sensitive data of the user. 27.The method of claim 21, wherein the subset of the sensitive datacomprises a personal account number (PAN).
 28. A system for maintainingelectronic transaction data security with a third-party service, thesystem comprising: a data storage device storing instructions; and oneor more processors configured to execute the instructions to perform amethod comprising: receiving, by a transaction processor server from auser browser, sensitive data of a user and a request for a low-valuetoken; generating, by the transaction processor server, the low-valuetoken by tokenizing the sensitive data of the user, the low-value tokenbeing a limited-use token configured to obtain a subset of the sensitivedata of the user; providing, by the transaction processor server to theuser browser, the low-value token; receiving, by the transactionprocessor server from a third-party service server at a first time, thelow-value token, the low-value token having been transmitted from theuser browser to the third-party service server; determining, by thetransaction processor server, the subset of the sensitive data of theuser based on detokenizing the low-value token; and providing, by thetransaction processor server to the third-party service server, thesubset of the sensitive data of the user.
 29. The system of claim 28,wherein the method further comprises: receiving, by the transactionprocessor server from an electronic data server at a second time, thelow value token, a transaction authorization request, and third-partyservice data; determining, by the transaction processor server, whetherto authorize an electronic transaction based on at least one of the lowvalue token, the transaction authorization request, and the third-partyservice data; and providing, by the transaction processor server to theelectronic data server, a transaction authorization response based onthe determination.
 30. The system of claim 29, wherein the transactionauthorization response is provided with a high-value token, thehigh-value token being associated with the sensitive data of the userand being usable by the electronic data server to execute subsequentelectronic transactions.
 31. The system of claim 29, wherein thethird-party service data is 3-D Secure response data.
 32. The system ofclaim 28, wherein the method further comprises: receiving, by thetransaction processor server from the third-party service server at asecond time, the low-value token and a transaction authorizationrequest; determining, by the transaction processor server, whether toauthorize an electronic transaction based on at least one of the lowvalue token and the transaction authorization request; and providing, bythe transaction processor server to the electronic data server, atransaction authorization response based on the determination.
 33. Thesystem of claim 28, wherein the third-party service server performs afraud check based on the subset of the sensitive data of the user. 34.The system of claim 28, wherein the subset of the sensitive datacomprises a personal account number (PAN).
 35. A non-transitorycomputer-readable medium storing instructions that, when executed by atransaction processor server, cause the transaction processor server toperform a method for maintaining electronic transaction data securitywith a third-party service, the method comprising: receiving, by thetransaction processor server from a user browser, sensitive data of auser and a request for a low-value token; generating, by the transactionprocessor server, the low-value token by tokenizing the sensitive dataof the user, the low-value token being a limited-use token configured toobtain a subset of the sensitive data of the user; providing, by thetransaction processor server to the user browser, the low-value token;receiving, by the transaction processor server from a third-partyservice server at a first time, the low-value token, the low-value tokenhaving been transmitted from the user browser to the third-party serviceserver; determining, by the transaction processor server, the subset ofthe sensitive data of the user based on detokenizing the low-valuetoken; and providing, by the transaction processor server to thethird-party service server, the subset of the sensitive data of theuser.
 36. The computer-readable medium of claim 35, wherein the methodfurther comprises: receiving, by the transaction processor server froman electronic data server at a second time, the low value token, atransaction authorization request, and third-party service data;determining, by the transaction processor server, whether to authorizean electronic transaction based on at least one of the low value token,the transaction authorization request, and the third-party service data;and providing, by the transaction processor server to the electronicdata server, a transaction authorization response based on thedetermination.
 37. The computer-readable medium of claim 36, wherein thetransaction authorization response is provided with a high-value token,the high-value token being associated with the sensitive data of theuser and being usable by the electronic data server to executesubsequent electronic transactions.
 38. The computer-readable medium ofclaim 36, wherein the third-party service data is 3-D Secure responsedata.
 39. The computer-readable medium of claim 35, wherein the methodfurther comprises: receiving, by the transaction processor server fromthe third-party service server at a second time, the low-value token anda transaction authorization request; determining, by the transactionprocessor server, whether to authorize an electronic transaction basedon at least one of the low value token and the transaction authorizationrequest; and providing, by the transaction processor server to theelectronic data server, a transaction authorization response based onthe determination.
 40. The computer-readable medium of claim 35, whereinthe third-party service server performs a fraud check based on thesubset of the sensitive data of the user.